I would contact WestHost direct on this one. While I can see that item 1 is something that they could deal with I doubt that database issue is going to be something they would deal with. You would almost need a second account to deal with those issues I would think or maybe a node over at VPS.net set up to handle the database stuff. I wonder if this is why they have decided to not offer Miva on new accounts.

Q. What part of the payment transaction process is addressed by the PA-DSS?
A. The PA-DSS applies to software vendors and others who develop payment
applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third-parties.

Payment applications validated per PA-DSS, when implemented in a PCI
DSS-compliant environment, will minimize the potential for security breaches leading to compromises of full magnetic stripe data, card validation codes and values (CAV2, CID, CVC2, and CVV2), PINs and PIN blocks, and the damaging fraud resulting from these breaches. Internally developed
applications that are not sold or distributed to third-parties are not subject to PCI PA-DSS but are subject to PCI DSS.

As such you should be able to ignore the PA-DSS issues, as those should be
handled directly by the payment gateways or developers of applications that
handle credit card processing.

We are happy to help you get Empresa upgraded to the newest version. To any clients that have this same issue, please submit a ticket to us at http://members.westhost.com/contactus.html and we will get that taken care of. Regarding the other items in your list, we are still working with Miva to clarify what needs to happen on our end as the host. Once that is fully clarified, we will post a followup with a more definite answer.